Data theft in British Airways; over 300k users affected

The company mentions that their information was stolen for almost two weeks

British Airways, the self-called “world’s favorite airline”, has become the latest victim of massive data theft, an event that exposed personal details and credit card numbers of up to 380k customers over a period of more than two weeks, as reported by ethical hacking experts from the International Institute of Cyber Security.

In a statement issued by British Airways on Thursday, it is reported that users affected by the data theft are those who booked flights on the company’s website and mobile app between August 21 and September 5. The airline has advised customers who made reservations during that period and believe that they may have been affected by this incident to contact their banks or credit card providers and continuing to expect more information about the data theft.

British Airways stated in its Twitter account that personal data stolen included customers’ names and addresses, along with their financial information, but the company assured their users that hackers did not access their passport numbers or travel details.

The company also mentioned that the payment card information stored on its website and mobile app was not compromised in the event, as hackers only stole the cards used to make payments during the period of the data theft.

Although British Airways official statement does not mention the number of affected customers, ethical hacking specialists estimate that the figure is around 380k users of the company’s website and mobile app. Moreover, it remains unclear how data theft occurred, but some media report that unusual activity was identified until a third party notified the company.

A spokesman for British Airways commented for media that the event is a data theft, not a data breach, suggesting that someone with privileged access to data stored by the company could have extracted the information. The company also informed the police and the Office of the Commissioner of Information and is in the process of communicating directly with the affected users.

A few days after detecting the problem, the company has already announced that the problem has been resolved and that its website works normally. British authorities are already working together with the company to resolve this case as soon as possible.

This is the second case of massive airline information theft in the last month. At the end of August, ethical hacking specialists reported a security breach by which personal information of thousands of customers of Air Canada was abducted, revealing payment details and user’s passports names.